Sensitive but unclassified

Last updated
A menu for a party, marked FOUO Jmtc-espn-veterans-day-menu.png
A menu for a party, marked FOUO

Sensitive But Unclassified (SBU) is a designation of information in the United States federal government that, though unclassified, often requires strict controls over its distribution. SBU is a broad category of information that includes material covered by such designations as For Official Use Only (FOUO), Law Enforcement Sensitive (LES), Sensitive Homeland Security Information, Sensitive Security Information (SSI), Critical Infrastructure Information (CII), etc. It also includes Internal Revenue Service materials like individual tax records, systems information, and enforcement procedures. Some categories of SBU information have authority in statute or regulation (e.g. SSI, CII) while others, including FOUO, do not.

Contents

An example of FOUO being mixed in with Top Secret info in the same document. (From the CIA Inspector General report about Torture in the War on Terror) Tmemo fouo.png
An example of FOUO being mixed in with Top Secret info in the same document. (From the CIA Inspector General report about Torture in the War on Terror)
The unclassified "Military Working Dogs" web document, marked Distribution Restricted circa 2011 Distribution restricted1.png
The unclassified "Military Working Dogs" web document, marked Distribution Restricted circa 2011

Sensitive Security Information (SSI) is a category of sensitive but unclassified information under the United States government's information sharing and control rules, often used by TSA and CBP. SSI is information obtained in the conduct of security activities whose public disclosure would, in the judgment of specified government agencies, harm transportation security, be an unwarranted invasion of privacy, or reveal trade secrets or privileged or confidential information.

UNCLASSIFIED//FOUO is primarily a Department of Defense phrase/acronym, used for documents or products which contain material which may be exempt from release under the Freedom of Information Act. It is treated as confidential, which means it cannot be discarded in the open trash, made available to the general public, or posted on an uncontrolled website. It can, however, be shared with individuals with a need to know the content, while still under the control of the individual possessing the document or product. [1]

Information that may be protected with these labels range from personally identifying information such as passport and Social Security numbers to documents protected by the attorney–client privilege. [2] [3] Though SBU information may be exempt from complete disclosure under the Freedom of Information Act, it should not be universally withheld. [4] [5]

PARD (Protect as restricted data) is an unclassified but sensitive marking used in the Department of Energy. It is the marking that was on Dr. Wen Ho Lee's program codes at Los Alamos National Laboratory. He (and many other scientists) backed up such data to tape. The government would later claim this was 'espionage' and charge him under 18 U.S.C.   § 793 , (the Espionage Act) which makes it a felony to 'withhold' information related to the 'national defense'. He eventually pleaded guilty to one of the 54 counts against him. [6] [7] He later won a lawsuit against the government and several newspapers over his treatment.

Limited Distribution, Proprietary, Originator Controlled , Law Enforcement Sensitive were designations the Pentagon attempted in 2011 to exempt from President Obama's Executive Order 13556. [8]

The number of designations in use by various branches of the U.S. government for unclassified information eventually numbered more than 100. On May 9, 2008, President George W. Bush directed their consolidation into a new category: Controlled Unclassified Information (CUI). [9] [10]

See also

Related Research Articles

Classified information Material that government claims requires confidentiality

Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, and mishandling of the material can incur criminal penalties.

A security clearance is a status granted to individuals allowing them access to classified information or to restricted areas, after completion of a thorough background check. The term "security clearance" is also sometimes used in private organizations that have a formal process to vet employees for access to sensitive information. A clearance by itself is normally not sufficient to gain access; the organization must also determine that the cleared individual needs to know specific information. No individual is supposed to be granted automatic access to classified information solely because of rank, position, or a security clearance.

Medical privacy or health privacy is the practice of maintaining the security and confidentiality of patient records. It involves both the conversational discretion of health care providers and the security of medical records. The terms can also refer to the physical privacy of patients from other patients and providers while in a medical facility, and to modesty in medical settings. Modern concerns include the degree of disclosure to insurance companies, employers, and other third parties. The advent of electronic medical records (EMR) and patient care management systems (PCMS) have raised new concerns about privacy, balanced with efforts to reduce duplication of services and medical errors.

Freedom of Information Act (United States) 1967 US statute regarding access to information held by the US government

The Freedom of Information Act (FOIA), 5 U.S.C. § 552, is a federal freedom of information law that requires the full or partial disclosure of previously unreleased information and documents controlled by the United States government upon request. The act defines agency records subject to disclosure, outlines mandatory disclosure procedures, and includes nine exemptions that define categories of information not subject to disclosure. The act was intended to make U.S. government agencies' functions more transparent so that the American public could more easily identify problems in government functioning and put pressure on Congress, agency officials, and the president to address them. The FOIA has been changed repeatedly by both the legislative and executive branches.

Sanitization is the process of removing sensitive information from a document or other message, so that the document may be distributed to a broader audience. When the intent is secrecy protection, such as in dealing with classified information, sanitization attempts to reduce the document's classification level, possibly yielding an unclassified document. When the intent is privacy protection, it is often called data anonymization. Originally, the term sanitization was applied to printed documents; it has since been extended to apply to computer files and the problem of data remanence.

Information Security Oversight Office

The Information Security Oversight Office (ISOO) is responsible to the President for policy and oversight of the government-wide security classification system and the National Industrial Security Program in the United States. The ISOO is a component of the National Archives and Records Administration (NARA) and receives policy and program guidance from the National Security Council (NSC).

Operations security Counterespionage safety procedures and practices

Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.

The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the regulations codified to 32 C.F.R. 2001. It lays out the system of classification, declassification, and handling of national security information generated by the U.S. government and its employees and contractors, as well as information received from other governments.

Special access programs (SAPs) in the U.S. Federal Government are security protocols that provide highly classified information with safeguards and access restrictions that exceed those for regular (collateral) classified information. SAPs can range from black projects to routine but especially-sensitive operations, such as COMSEC maintenance or presidential transportation support. In addition to collateral controls, a SAP may impose more stringent investigative or adjudicative requirements, specialized nondisclosure agreements, special terminology or markings, exclusion from standard contract investigations (carve-outs), and centralized billet systems. Within the Department of Defense, SAP is better known as "SAR" by the mandatory Special Access Required (SAR) markings.

Classified information in the United Kingdom is a system used to protect information from intentional or inadvertent release to unauthorised readers. The system is organised by the Cabinet Office and is implemented throughout central and local government and critical national infrastructure. The system is also used by private sector bodies that provide services to the public sector.

Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others.

Sensitive Security Information

Sensitive Security Information (SSI) is a category of sensitive but unclassified information under the United States government's information sharing and control rules. SSI is information obtained in the conduct of security activities whose public disclosure would, in the judgement of specified government agencies, harm transportation security, be an unwarranted invasion of privacy, or reveal trade secrets or privileged or confidential information. SSI is governed by Title 49 of the Code of Federal Regulations (CFR), parts 15 and 1520.

The anti-gag statute is a little-known legal boundary in the long struggle in the United States between Executive Branch secrecy and the United States Congress and the public's right to know. Since 1988, the statute has been an annual appropriations restriction drawing the line on Executive branch efforts to limit whistleblowing disclosures to information that is specifically identified in advance as classified. The anti-gag statute requires a mandatory, specifically worded addendum on any nondisclosure policy, form or agreement to legally spend money to implement or enforce the gag order.

Sensitive Security Information or SSI is a term used in the United States to denote sensitive but unclassified information obtained or developed in the conduct of security activities, the public disclosure of which would constitute an unwarranted invasion of privacy, reveal trade secrets or privileged or confidential information, or be detrimental to the security of transportation. It is not a form of classification under Executive Order 12958 as amended. SSI is not a security classification for national security information. The safeguarding and sharing of SSI is governed by Title 49 Code of Federal Regulations (CFR) parts 15 and 1520. This designation is assigned to information to limit the exposure of the information to only those individuals that "need to know" in order to participate in or oversee the protection of the nation's transportation system. Those with a need to know can include persons outside of TSA, such as airport operators, aircraft operators, railroad carriers, rail hazardous materials shippers and receivers, vessel and maritime port owners and operators, foreign vessel owners, and other persons.

For Official Use Only (FOUO) is an information security designation used by some governments.

The mosaic theory in finance involves the use of security analyst personnel to gather information about a company or corporation to evaluate and determine its financial stability. In addition to public information available to all investors, securities analysts also have access to non-public information which the vast majority of investors do not possess. Trading based on such non-public information can be considered illegal if the information is also material, as defined by insider trading laws.

Controlled Unclassified Information Category of unclassified information within the U.S. Federal government

Controlled Unclassified Information (CUI) is a category of unclassified information within the U.S. Federal government. The CUI program was created by President Obama’s Executive Order 13556 after 9/11 to create a streamlined method for information sharing and safeguarding. The Information Security Oversight Office (ISOO) acts as the Executive Agent (EA) of the National Archives and Records Administration (NARA), and is responsible for oversight of the CUI program. The ISOO monitors the implementation of the CUI program by executive branch agencies. CUI will replace agency specific labels such as For Official Use Only (FOUO), Sensitive But Unclassified (SBU), and Law Enforcement Sensitive (LES) on new data and some data with legacy labels will also qualify as Controlled Unclassified Information.

Managed Trusted Internet Protocol Service (MTIPS) was developed by the US General Services Administration (GSA) to allow US Federal agencies to physically and logically connect to the public Internet and other external connections in compliance with the Office of Management and Budget's (OMB) Trusted Internet Connection (TIC) Initiative.

The Government Security Classifications Policy (GSCP) is a system for classifying sensitive government data in the United Kingdom.

References

  1. "So what exactly does "For Official Use Only" mean?". ioss.gov. Archived from the original on 2007-10-10. Retrieved 2008-09-17.
  2. State Department policies
  3. NASA SBU parent page Archived March 27, 2009, at the Wayback Machine
  4. NASA on FOIA exemptions and SBU material Archived March 27, 2009, at the Wayback Machine
  5. Sensitive But Unclassified” Information and Other Controls: Policy and Options for Scientific and Technical Information Archived January 12, 2016, at the Wayback Machine from the Congressional Research Service
  6. My Country Against Me, Dr. Wen Ho Lee & Helen Zia. See his article for more information.
  7. PROTECTION REQUIREMENTS FOR INFORMATION MARKED "PROTECT AS RESTRICTED DATA", Federation of American Scientists
  8. Pentagon Tightens Grip on Unclassified Information, FAS.org, July 11th, 2011 by Steven Aftergood
  9. Castelli, Elise (January 22, 2008). "New policy expected soon for sensitive information". Federal Times. Archived from the original on January 2, 2013.{{cite news}}: CS1 maint: postscript (link)
  10. "Memorandum For The Heads Of Executive Departments And Agencies - Designation and Sharing of Controlled Unclassified Information (CUI)" (Press release). The Office of the White House. May 9, 2008. Retrieved October 21, 2008.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.